As remote access of computer systems and applications grows in popularity, the number and variety of transactions which are accessed remotely over public networks such as the Internet has increased dramatically. This popularity has underlined a need for security; in particular: how to ensure that people who are remotely accessing an application are who they claim they are, how to ensure that transactions being conducted remotely are initiated by legitimate individuals, and how to ensure that transaction data has not been altered before being received at an application server.
Recently, the use of a smartphone, rather than a PC (Personal Computer), to access remote applications has become increasingly popular. This means that solutions are required to secure the interaction of users with remote applications while using their smartphones. Existing solution which originally have been developed to be used with a PC quite often are not very satisfactory for usage with a smartphone for a variety of reasons. Pure software solutions, like software applications generating dynamic passwords and signatures, are vulnerable to attacks since smartphones unfortunately, just like PCs, have become more and more the target of all kinds of malware. Hardware solutions like smart cards or USB tokens require a specific communication interface (smart card reader, USB port . . . ) that is often not supported by the smartphone. And the usage of other hardware solutions, like strong authentication tokens, that rely on the user to manually copy data (like one-time passwords) to be exchanged may often be perceived as too cumbersome by users who have their hands already literally full with the smartphone itself.
What is needed is a secure yet convenient solution to secure the interaction between a user and a remote application using a smartphone.